Management of X.509 Certificates, Private Keys, Certificate Requests and Certificate Chains in Java

At my employer Mendix (https://www.mendix.com), our cloud platform team, which I am a part of, develops, deploys and maintains the global Mendix Cloud. With state-of-the-art technologies and tools we build reliable and scalable systems so our customers can get their applications into production faster.
In simpler terms, we provide a complete platform for developing an application, and you can opt in to have us host and maintain it for you as well.

One of the many challenges this brings is managing everything related to the custom domain service we provide to our customers. If you host your app on our cloud, you can choose to host it on any FQDN (https://en.wikipedia.org/wiki/Fully_qualified_domain_name) that you control.
We expect you to provide a proper TLS certificate with its related key and chain. Alternatively, you can opt in to use Let's Encrypt (https://letsencrypt.org/), in which case our automated system kicks in and provisions a Let's Encrypt certificate for you.

The biggest challenge is to make sure there are no mistakes or UX issues from the end user's perspective, because we know for a fact that the process can get confusing with all of its requirements. A simple mistake can break the NGINX configuration, resulting in downtime that could easily have been avoided.

As a solution to this problem we wrote a library in Java that provides all the tools to work with X.509 Certificates, Private Keys, Certificate Requests and Certificate Chains. A big plus of this library is that it doesn't have any dependencies, even internally (no Bouncy Castle!), so it's very lightweight and vanilla.

You can grab it here:

https://github.com/mendix/SSLTools

Thanks for reading,

Emir